qcacmn: Fix NULL pointer dereference in dfs

In target_if_radar_event_handler, target_if_dfs_cac_complete_event_handler
& target_if_dfs_radar_detection_event_handler wmi_handle is derived &
dereferenced without a NULL check. Add a NULL check for wmi_handle
before it is dereferenced.

Change-Id: I6dde5132a6a2e31a25654bd818a90e1c164a4a74
CRs-Fixed: 2305505
Tushnim Bhattacharyya
2018-08-30 11:38:37 -07:00
gecommit door nshrivas
bovenliggende 898f6ff055
commit 680c3e8340
2 gewijzigde bestanden met toevoegingen van 28 en 5 verwijderingen


@@ -119,6 +119,7 @@ static int target_if_radar_event_handler(
struct wlan_objmgr_psoc *psoc;
struct wlan_objmgr_pdev *pdev;
struct wlan_lmac_if_dfs_rx_ops *dfs_rx_ops;
struct wmi_unified *wmi_handle;
if (!scn || !data) {
target_if_err("scn: %pK, data: %pK", scn, data);
@@ -135,8 +136,15 @@ static int target_if_radar_event_handler(
target_if_err("Invalid dfs_rx_ops: %pK", dfs_rx_ops);
return -EINVAL;
}
wmi_handle = get_wmi_unified_hdl_from_psoc(psoc);
if (!wmi_handle) {
target_if_err("Invalid WMI context");
return -EINVAL;
}
if (QDF_IS_STATUS_ERROR(wmi_extract_wlan_radar_event_info(
GET_WMI_HDL_FROM_PSOC(psoc), data,
wmi_handle, data,
&wlan_radar_event, datalen))) {
target_if_err("failed to extract wlan radar event");
return -EFAULT;
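Review bot: The new failure path after `get_wmi_unified_hdl_from_psoc(psoc)` logs "Invalid WMI context", while the two handlers changed in the other file log "Invalid WMI handle" for the same condition. Using one wording, e.g. `target_if_err("Invalid WMI handle");`, lets a single log search find every radar event dropped for this reason. Unless target_if_err already prefixes the caller's name, the message could also name the handler, since all three paths return the same -EINVAL. The body of target_if_radar_event_handler starts and ends outside the hunks shown.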


@@ -46,6 +46,7 @@ static int target_if_dfs_cac_complete_event_handler(
struct wlan_objmgr_pdev *pdev;
int ret = 0;
uint32_t vdev_id = 0;
struct wmi_unified *wmi_handle;
if (!scn || !data) {
target_if_err("scn: %pK, data: %pK", scn, data);
@@ -64,8 +65,14 @@ static int target_if_dfs_cac_complete_event_handler(
return -EINVAL;
}
if (wmi_extract_dfs_cac_complete_event(GET_WMI_HDL_FROM_PSOC(psoc),
data, &vdev_id, datalen) != QDF_STATUS_SUCCESS) {
wmi_handle = get_wmi_unified_hdl_from_psoc(psoc);
if (!wmi_handle) {
target_if_err("Invalid WMI handle");
return -EINVAL;
}
if (wmi_extract_dfs_cac_complete_event(wmi_handle, data, &vdev_id,
datalen) != QDF_STATUS_SUCCESS) {
target_if_err("failed to extract cac complete event");
return -EFAULT;
}
@@ -109,6 +116,7 @@ static int target_if_dfs_radar_detection_event_handler(
struct wlan_objmgr_pdev *pdev = NULL;
struct wlan_lmac_if_dfs_rx_ops *dfs_rx_ops;
int ret = 0;
struct wmi_unified *wmi_handle;
if (!scn || !data) {
target_if_err("scn: %pK, data: %pK", scn, data);
@@ -127,8 +135,15 @@ static int target_if_dfs_radar_detection_event_handler(
return -EINVAL;
}
if (wmi_extract_dfs_radar_detection_event(GET_WMI_HDL_FROM_PSOC(psoc),
data, &radar, datalen) != QDF_STATUS_SUCCESS) {
wmi_handle = get_wmi_unified_hdl_from_psoc(psoc);
if (!wmi_handle) {
target_if_err("Invalid WMI handle");
return -EINVAL;
}
if (wmi_extract_dfs_radar_detection_event(wmi_handle, data, &radar,
datalen)
!= QDF_STATUS_SUCCESS) {
target_if_err("failed to extract cac complete event");
return -EFAULT;
}
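Review bot: In target_if_dfs_radar_detection_event_handler the failure branch after `wmi_extract_dfs_radar_detection_event(wmi_handle, data, &radar, datalen)` still logs "failed to extract cac complete event". That text looks copied from the CAC handler above and would point anyone triaging a dropped radar detection at the wrong event. Since the commit reflows that call anyway, the message could be corrected in the same change: `target_if_err("failed to extract radar detection event");`. The function body continues outside the hunk.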